Support timestamp (t=) attribute in signature

Details

Description

t=
Signature Timestamp (plain-text unsigned decimal integer; RECOMMENDED, default is an unknown creation time). The time that this signature was created. The format is the number of seconds since 00:00:00 on January 1, 1970 in the UTC time zone. The value is expressed as an unsigned integer in decimal ASCII. This value is not constrained to fit into a 31- or 32-bit integer. Implementations SHOULD be prepared to handle values up to at least 10^12 (until approximately AD 200,000; this fits into 40 bits). To avoid denial-of-service attacks, implementations MAY consider any value longer than 12 digits to be infinite. Leap seconds are not counted. Implementations MAY ignore signatures that have a timestamp in the future.
ABNF:

sig-t-tag = %x74 [FWS] "=" [FWS] 1*12DIGIT

If the input signature has "t=;" then we could add the current timestamp, otherwise we should leave everything as is.

While verifying a signature with a t= parameter we should "ignore" signatures with a date in the future.

Stefano Bagnara
added a comment - 08/Jun/10 23:08 In the signer If a signature template includes an empty "t=;" value now the signature is automatically filled with the current timestamp.
In the verifier if a signature include a t= parameter with a value in the future then the signature is ignored. (the specs say we "MAY" ignore: I don't see much value in making this configurable)